Appl. No. 10/705,212 PATENT 
Amdt. dated July 7, 2009 
Amendment 
Examining Group 3621 

REMARKS/ARGUMENTS 

Prior to this amendment, claims 1-8, 10-17, 19-26, 28-38 and 41-44 were pending. In 
this amendment, claims 1, 5, 6, 10, 14, 15, 17, 19, 23, 24, 30, and 43 are amended, claims 4, 13, 
22, 34-37, and 42 are canceled and claims 45 and 46 are added. No new matter is added. Thus, 
after entry of this amendment, claims 1-3, 5-8, 10-12, 14-17, 19-21, 23-26, 28-33, 41, and 43-46 
are pending. 

I. Claim Rejections - 35 USC §112, First Paragraph 

Claims 1-8, 10-17, 19-26, 28-38, and 41-44 are rejected under 35 U.S.C. §112, first 
paragraph, as failing to comply with the written description requirement. This rejection is 
traversed. The Office Action alleges that claim 1 recites "wherein the authentication response 
includes a second HTTP redirect command comprising the address of the merchant, wherein the 
cardholder system thereafter forwards the authentication response to the merchant system" 
which lacks support in the specification. (Office Action Pg. 4). 

With respect to the first feature, "wherein the authentication response includes a second 
HTTP redirect command comprising the address of the merchant," the claims have been 
amended to more clearly recite this feature as disclosed in the specification. As such, the 
rejection related to this claim feature is moot. 

With respect to the second feature, "wherein the cardholder system thereafter forwards 
the authentication response to the merchant system," support for this feature can be found in the 
second sentence of P[0036] of the specification as filed, which recites, "The cardholder system 
205 in turn forwards the authentication response 268 back to the merchant system 210." 

Withdrawal of the rejection under 35 U.S.C. §112, first paragraph, is respectfully 
requested for the reasons mentioned above. 

II. Claim Rejections - 35 USC §103(a), Sunder, Breck, Graves 

Claims 1, 2, 7, 8, 10, 11, 16, 17, 19, 20, 25, 26, 32, 33, 38, 41, 43, and 44 are rejected 
under 35 U.S.C. §103(a) as being unpatentable over Sunder (U.S. Patent Pub. 
No. 2005/0021781) and Breck (U.S. Patent Pub. No. 2004/0158532) in view of Graves (U.S. 
Patent Pub. No. 2004/0177047). This rejection is traversed. In the interests of advancing 
prosecution, independent claim 1 has been amended to incorporate the limitations of dependent 
claims 3 and 4. Claim 3 was rejected as being obvious over Sunder, Breck, and Graves in 
further view of Gerdes (U.S. Publication No. 2003/0046541). Claim 4 was rejected as being 
obvious over Sunder, Breck, and Graves in further view of Golan (U.S. Publication No. 
2004/0254848). Independent claims 10 and 19 have also been amended to recite limitations that 
are similar to those in claim 1. 

As such, the rejection of independent claims 1, 10, and 19 is now in view of five 
references, Sunder, Breck, Graves, Gerdes, and Golan. The citation of five references to reject 
the broadest claims suggests that impermissible hindsight was used. 

There are a number of additional reasons why the claims are patentable. First, there 
would be no rational underpinning to combine the cited references. Second, the combination of 
references as suggested by the Office Action would alter the principle of operation of the 
primary reference. Finally, even if there was a rational underpinning to combine these five 
references, each and every limitation of the claims is not taught or suggested by the references. 

A. No Rational Underpinning to Combine References 

Sunder describes a system of providing data to a client device by a network access point. 
(Sunder, Abstract). The client device may send an authentication request to a network access 
point, the authentication request including identification credentials. (Sunder, P[0007]). The 
network access point may communicate the authentication request to an authentication server. 
(Sunder, P[0008]). The authentication server may create an authentication response, including 
data such as pricing details for utilizing the network access point. (Sunder, P[0062]). The 
authentication response may be sent to the client device via the network access point. (Sunder, 
P[0063-0064]). The client device may parse the authentication response to determine network 
access point details, such as pricing for using the network access point. (Id.). Sunder does not 
disclose or suggest a merchant system. The Office Action admits Sunder does not disclose or 
suggest a merchant system. (Office Action, Pg. 4-5). 

The Office Action relies on Breck as disclosing a merchant system. (Office Action, Pg. 4- 
5). Breck describes a system wherein a user submits a secondary transaction number (STN) that 
is associated with the user's primary account to a merchant system. (Breck, Abstract). When 
making a purchase on the merchant's system, the user may click a link to retrieve a STN. (Breck, 
P[0080]). The STN may be utilized to complete a purchase on the merchant's web site, thus 
relieving the user of having to disclose his real account number to the merchant. (Breck, 
P[0014]). 

Although Breck may describe a merchant system, there would be no reason to include a 
merchant system in the system of Sunder. The system in Sunder allows a client device to obtain 
network access point information, such as pricing information, from an authentication server. 
There would be no reason to add a merchant system to the system as described in Sunder, as a 
merchant system would serve no purpose in the system as described in Sunder. The Office 
Action has alleged that one of skill in the art would have been motivated to combine Sunder and 
Breck as it would provide an additional level of security. (Office Action, Pg. 6). The Office 
Action not only fails to set forth a purpose, other than a conclusory statement not supported by 
evidence, for adding a merchant system to Sunder, it also fails to articulate how adding a 
merchant system, which would serve no purpose in Sunder, provides any additional security. 
Even if a merchant system was added to the system in Sunder, it would actually decrease 
security, as it would be an additional system that contains data that could be compromised. 

The Office Action further relies on Graves as disclosing or suggesting a merchant 
system. Graves describes a system wherein a buyer may make a purchase from a seller online. 
(Graves, Abstract). The buyer may send authentication information to an authentication service. 
(Graves, P[0052]). The authentication service may present a challenge to the buyer. (Id.). If the 
authentication service receives a proper response from the buyer, the authentication service 
notifies the seller system that the transaction is authorized. (Graves, P[0056]). 

Once again, for the same reasons as discussed above with respect to Breck, Graves at 
best describes a merchant system. However, this still does not resolve the issue that there would 
be no reason to add a merchant system to Sunder, as it would serve no purpose in transferring 
information from the authentication server to the client device. Additionally, just as with Breck, 
there would be no additional security provided by adding a merchant server that serves no 
purpose, to Sunder. 

The Office Action has not articulated any reasonable reason why a merchant system 
would be added to the system as described in Sunder. As such, it appears the only reason for 
adding a merchant system to Sunder is in view of the Applicants' disclosure. As such, the Office 
Action is using impermissible hindsight to combine the references. Applicants understand that 
there need not be an express reason to combine references stated in the references, however there 
must be some reason a person of skill in the art would be motivated to do so, at the time of 
invention. See MPEP 2145(X)(A). 

Golan describes a system wherein a merchant queries a directory server with a verifying 
enrollment request to determine if the cardholder is enrolled in the authentication system. 
(Golan, P[0094]). The directory server queries an access control server (ACS) to determine if 
the cardholder is enrolled, and if so, the ACS returns a URL for the ACS which can be returned 
to the merchant system. (Golan, P[0096-0097]). The merchant system may then send the URL 
to the cardholder system in a web page that redirects the cardholder system to the ACS. (Golan, 
P[0099]). 

The combination of Golan with Sunder is improper for at least the reasons described 
above. There would be no reason to add a directory server to Sunder, as it would serve no 
purpose. The system in Sunder does not require a directory server for operation, and the only 
reason to add a directory server would be impermissible hindsight. 

B. Proposed Modification Changes Principle Mode of Operation of the Reference 

The proposed combination of references changes the principle mode of operation of the 
primary reference. 

If the proposed modification or combination of the prior art would change 
the principle of operation of the prior art invention being modified, then the 
teachings of the references are not sufficient to render the claims prima 
facie obvious. In re Ratti, 270 F.2d 810, 123 USPQ 349 (CCPA 1959) 
(Claims were directed to an oil seal comprising a bore engaging portion 
with outwardly biased resilient spring fingers inserted in a resilient sealing 
member. The primary reference relied upon in a rejection based on a 
combination of references disclosed an oil seal wherein the bore engaging 
portion was reinforced by a cylindrical sheet metal casing. Patentee taught 
the device required rigidity for operation, whereas the claimed invention 
required resiliency. The court reversed the rejection holding the 
"suggested combination of references would require a substantial 
reconstruction and redesign of the elements shown in [the primary 
reference] as well as a change in the basic principle under which the 
[primary reference] construction was designed to operate." 270 F.2d at 
813, 123 USPQ at 352.). MPEP 2143.01 (VI). 



As stated above in MPEP 2143.01 (VI), if the proposed modification of a reference 
changes the principle of operation of the prior art, the teachings of the references are not 
sufficient to render the claims prima facie obvious. Here, the Office Action is not suggesting a 
proposed modification to a merchant system in Sunder, but rather the Office Action is adding a 
completely unnecessary element, the merchant system, to Sunder. The Sunder reference does 
not need a merchant server for operation. The addition of a merchant server would alter the 
principle mode of operation of Sunder by adding an element that would serve no purpose in 
enhancing the operation of Sunder. 

Similarly, just as above, the addition of Golan alters the principle of operation of Sunder. 
Sunder does not require nor suggest a directory server because such a server is not necessary for 
the principle mode of operation of Sunder. The addition of Golan does not merely modify the 
Sunder reference, but rather adds an element, the directory server, that is entirely unnecessary to 
the principle mode of operation of Sunder. 

C. Each and Every Limitation is not Disclosed by the References, Alone or in 
Combination 

Each and every limitation of the claims is not taught or suggested by the references, alone 
or in combination. For example, claim 1 as amended, recites in part, a merchant server that: 

receives a verifying enrollment response from the directory server, the verifying enrollment 
response including a web site hosted by a central transaction server, the verifying enrollment 
response further including a pseudonym corresponding to the electronic commerce card account 
number, the pseudonym expiring after a predetermined period of time; 



sends an authentication request to a cardholder system in a web page having an HTTP redirect 
command comprising the web site hosted by the central transaction server, the web page further 
including a URL for returning information to the merchant system, the authentication request 
including the pseudonym corresponding to the electronic commerce card account number; 

(emphasis added). Such a limitation is not disclosed or suggested by Sunder, Breck, or Graves, 
alone or in combination. A similar limitation was previously present in claim 4, and has been 
incorporated into claim 1. In the rejection of claim 4, the Office Action has alleged that such a 
limitation is described by Golan (U.S. Publication No. 2004/0254848). 

Even if such an improper combination was made, such a limitation would still not be 
taught or suggested by the combination of references. Claim 1 recites that the verifying 
enrollment response includes a web site hosted by the central transaction server. The merchant 
server then redirects the cardholder authentication request to the central transaction server. 
Claim 1 further recites a central transaction server that "forwards the authentication request to 
an access control server." Golan describes the verifying enrollment response including a URL 
of an access control server. (Golan, P[0096-0097]). The merchant server then redirects the 
cardholder to the access control server. (Golan, P[0098]). Golan does not disclose or suggest a 
central transaction server. If the central transaction server as described in claim 1 is equated with 
the access control server of Golan, a nonsensical result would be achieved, because it would 
require the access control server to forward the authentication request to itself. 

Similarly, claim 1 recites a central transaction server that: 

receives the verifying enrollment request from the directory server; 

sends the verifying enrollment response to the directory server; 

receives the authentication request from the cardholder system, at the web site 
hosted by the central transaction server in response to the HTTP 
redirect command sent by the merchant system to the cardholder 
system; 

forwards the authentication request to an access control server 

Such limitations are not disclosed or suggested by Sunder. As explained above, the addition of 
Golan does not resolve this, as the combination of Sunder and Golan would require that the 
access control server, which has been equated to the central transaction server, forward 
authentication messages to itself. 

Withdrawal of the rejection of claim 1, and the claims which depend therefrom, is 
respectfully requested. Claims 10 and 19 are amended to contain limitations that are also not 
disclosed or suggested by the cited references for reasons including those set forth above. 
Withdrawal of the rejections of claims 10 and 19, and the claims which depend therefrom, is 
respectfully requested. 

III. Claim Rejections - 35 USC §103(a), Sunder, Breck, [Graves], Gerdes 

Claims 3, 12, and 21 are rejected under 35 U.S.C. §103(a) as being unpatentable over 
Sunder and Breck as applied to claims 1, 10, and 19, in further view of Gerdes (U.S. Publication 
No. 2003/0046541). As claims 1, 10, and 19 were rejected under Sunder, Breck, and Graves, in 
the interests of advancing prosecution, Applicants will assume that the omission of the Graves 
reference was an oversight. 

This rejection has been obviated by the incorporation of claims 3, 12, and 21 into their 
respective independent claims and the subsequent cancelation of the claims. 

IV. Claim Rejections - 35 USC §103(a), Sunder, Breck, [Graves], Golan 

Claims 4-6, 13-15, 22-24, and 28-31 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Sunder and Breck as applied to claims 1, 10 in further view of Golan. As 
claims 1 and 10 were rejected under Sunder, Breck, and Graves, in the interests of advancing 
prosecution, Applicants will assume that the omission of the Graves reference was an oversight. 
Furthermore, claims 22-24 depend from claim 19, which was rejected for reasons similar to the 
rejections of claims 1 and 10. In the interests of advancing prosecution, Applicants will assume 
that the omission of claim 19 was an oversight. This rejection is traversed. 

Claims 4, 13, and 22 have been incorporated into their respective independent claims, and 
the rejections thereto have been addressed with respect to those independent claims. The 
remaining claims, 5, 6, 14, 15, 23, 24, and 28-31 are allowable at least by virtue of their 
dependence from their respective independent claims. Withdrawal of this rejection is 
respectfully requested. 

V. Claim Rejections - 35 USC §103(a), Sunder, Breck, [Graves], Golan 

Claims 34-37 and 42 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Sunder and Breck in view of Golan. Claims 34-37 and 42 have been canceled, and as such the 
rejection of the claims is moot. 


CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this Application 
are in condition for allowance and an action to that end is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of this 
application, please telephone the undersigned at 415-576-0200. 



Respectfully submitted, 

/Preetam B. Pagar/ 

Preetam B. Pagar 
Reg. No. 57,684 

TOWNSEND and TOWNSEND and CREW LLP 
Two Embarcadero Center, Eighth Floor 
San Francisco, California 94111-3834 
Tel: 415-576-0200 / Fax: 415-576-0300 
PBP:scz 